Cryptocurrencies have become extremely popular as a form of payment in 
recent years. They are supported by blockchain, a cutting-edge 
technology that makes extensive use of cryptographic mechanisms and other 
sophisticated distributed computing techniques. On these grounds, 
cryptocurrencies have been a target of several attacks. Cyber-attacks, for 
example, are exogenous events that can strongly affect cryptocurrencies by 
influencing their price stability and market valuation. This study 
presents an overview of cybercriminals’ activities on cryptocurrencies. It 
provides a detailed discussion of the most popular types of attacks on the 
cryptocurrency ecosystem. Moreover, it provides possible countermeasures 
to these attacks. Finally, it produces insights into the most impactful attacks 
on cryptocurrencies and the best methods that have been proposed for 
detecting cryptocurrency attacks. The main goal of this survey is to obtain a 
thorough understanding of cryptocurrency attacks, which have been the 
subject of major studies concerning financial risks on cryptocurrency. A 
large number of existing publications have reviewed and assessed various 
forms of attacks to achieve this goal. However, these works are 
considerably flawed. To the best of our knowledge, the present survey sheds 
light on future research directions. 

1. INTRODUCTION 

In recent years, cryptocurrencies, such as ethereum, bitcoin, and litecoin, have been widely accepted 
as a new form of digital currency worldwide. Nowadays, cryptocurrency is used as a payment method for 
services, such as faucet, gambling, mining pool, marketplace, and mixing; however, it is vulnerable to various 
threats or cyber-attacks [1]. A recent attack, the bitcoin gold (BTG) attack, was discovered in 2020 by a 
researcher of the digital currency initiative at the Massachusetts Institute of Technology (MIT). The BTG attack is 
one of the newest and most dangerous attacks. An important attribute of cryptocurrency is its capability to act 
as a decentralized payment system. Nevertheless, the cryptocurrency network is vulnerable to various 
threats or cyber-attacks. 

Blockchain is a distributed ledger technology that allows storing information and exchanges 
securely. Blockchain technologies aim to provide better trustworthiness, privacy of data, and security of 
systems, but they are not immune to cyber-attacks [2]. Therefore, most researchers have focused on reducing 
the risk of attacks, or at least on identifying them and preventing them from affecting transactions, to achieve a state of 
security during the circulation and use of digital currencies. The cryptocurrency’s security is guaranteed by 
the blockchain consensus mechanism and public-key cryptography. 

Fundamentally, the blockchain is a network of interconnected blocks. A block is uniquely 
identified by the hash of its header. Each block is linked to the next: the previous 
block’s hash is stored in the current block and therefore feeds into the current block’s hash. From any single 
block in a blockchain, we can trace back to the genesis block because each block is linked to the prior block. Tampering with the blocks in a blockchain is 
impossible because altering one block introduces inconsistencies in the next, and so on [3]. 
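
The linking described above, as an added example (not code from the survey or from any cryptocurrency project). It uses a simplified JSON header rather than Bitcoin's real 80-byte header, and the payload strings are constructed; it shows where a verifier notices an altered block and why comparing the chain tip with other nodes still matters.

```python
import copy
import hashlib
import json

GENESIS_PREV = "00" * 32  # placeholder "previous hash" for the first block
# Constructed sample payloads standing in for each block's transactions.
SAMPLE_PAYLOADS = ["alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->erin:1"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def header_hash(header: dict) -> str:
    """Block identifier: the hash of the (simplified) block header."""
    return sha256_hex(json.dumps(header, sort_keys=True).encode())


def build_chain(payloads):
    """Build a chain in which every header stores the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for height, payload in enumerate(payloads):
        header = {"height": height, "prev_hash": prev,
                  "payload_hash": sha256_hex(payload.encode())}
        chain.append({"header": header, "payload": payload,
                      "hash": header_hash(header)})
        prev = chain[-1]["hash"]
    return chain


def first_invalid(chain):
    """Return (height, reason) for the first inconsistent block, or None."""
    prev = GENESIS_PREV
    for height, block in enumerate(chain):
        header = block["header"]
        if sha256_hex(block["payload"].encode()) != header["payload_hash"]:
            return height, "payload does not match header"
        if header_hash(header) != block["hash"]:
            return height, "block hash does not match header"
        if header["prev_hash"] != prev:
            return height, "link to previous block is broken"
        prev = block["hash"]
    return None


def tamper(chain, height, new_payload, rehash="none"):
    """Return a copy with one payload altered.

    rehash="none":  only the payload changes.
    rehash="block": the altered block's own hashes are recomputed.
    rehash="tail":  the altered block and every later block are recomputed.
    """
    forged = copy.deepcopy(chain)
    forged[height]["payload"] = new_payload
    if rehash == "none":
        return forged
    last = height if rehash == "block" else len(forged) - 1
    for i in range(height, last + 1):
        header = forged[i]["header"]
        header["payload_hash"] = sha256_hex(forged[i]["payload"].encode())
        if i > height:
            header["prev_hash"] = forged[i - 1]["hash"]
        forged[i]["hash"] = header_hash(header)
    return forged


CHAIN = build_chain(SAMPLE_PAYLOADS)

if __name__ == "__main__":
    for mode in ("none", "block", "tail"):
        forged = tamper(CHAIN, 1, "bob->mallory:2", rehash=mode)
        same_tip = forged[-1]["hash"] == CHAIN[-1]["hash"]
        print(mode, first_invalid(forged), "tip unchanged:", same_tip)
```

With `rehash="tail"` the forged copy is internally consistent, so the only evidence is that its tip hash differs from the one honest nodes hold; making that recomputation expensive is the job of the consensus mechanism.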

Bitcoin is the first and most frequently used cryptocurrency based on the blockchain technology. 
This coin posed a threat to the currency market as a pure alternative that ensured anonymity and was not 
subject to central government control. Bitcoin continues to have the biggest trading volume of any 
cryptocurrency. Many vulnerabilities and assaults have been researched as the cryptocurrency market has 
grown, and these flaws and attacks have been found to affect the cryptocurrency ecosystem. The proof of 
work (PoW) system in bitcoin ensures transaction security by preventing double spending on the currency. 

Data analysis approaches have been widely used in the cyber security field in the past [4]. To that 
end, having a small number of guiding basics that are easier to adopt in practice might be more valuable. The 
motivation of the current survey is to serve students and researchers who aim to investigate cryptocurrency 
security. It also intends to present some types of attacks that strongly impact cryptocurrency users and 
methods used by researchers to identify most attacks, as well as the results achieved by their research. The 
significant contributions of this study are presented in the following section. 

We divided our work into several parts. First, we reviewed the blockchain network. Then, a 
taxonomy of several attacks on the cryptocurrency ecosystem was presented. We also compiled a list of 
several strategies for detecting these assaults and determined the most effective detection methods. 


2. BLOCKCHAIN NETWORK 

The blockchain used to secure digital currencies must be clarified; it does not require a third party, 
such as a bank or government. Therefore, how the blockchain works and how currencies are traded within 
this ecosystem should be highlighted. Figure 1 illustrates the journey of the transaction through the various 
components and participants in the bitcoin network. Each participant, such as the users or miners, has 
responsibilities and roles. Components, such as the node, wallet, transaction, memory pool, and block, 
represent the main elements of the transaction lifecycle. A blockchain system is a distributed system based on a consensus 
mechanism that ensures that the states of the specific data are approved by 
the dispersed nodes. A consensus algorithm is a critical component that determines how the system acts and 
how well it performs. Types of consensus algorithms include PoW, proof of stake, and 
other algorithms [5]. 

Furthermore, different types of blockchain systems are entirely dependent on the consensus 
mechanisms used. Based on different blockchain deployment strategies and the application domains, the two 
common types of blockchain are public and private blockchain. A public blockchain, also known as a 
permissionless or unpermissioned blockchain, allows anyone to participate in creating and validating blocks. Furthermore, it 
allows adjusting the state of the chain by storing and updating data through transactions between participants. 
A private blockchain has a restrictive concept compared with a public blockchain. In a private blockchain, 
also called a permissioned blockchain, only trusted and authorized businesses are allowed to 
participate in the blockchain operations [6]. Other types of blockchains are consortium and hybrid 
blockchains. Blockchain technology has progressed through four stages since the inception of the first 
blockchain system: blockchain 1.0, blockchain 2.0, blockchain 3.0, and blockchain 4.0. 

— In the blockchain 1.0 stage, cryptocurrencies, such as bitcoin, litecoin, and dogecoin, employ blockchain 
technology. 

— In the blockchain 2.0 stage, the blockchain technology is used to develop several applications. Ethereum 
is considered an example of the blockchain 2.0. 

— In the blockchain 3.0 stage, the blockchain technology uses decentralized application (DApp). 

— In the blockchain 4.0 stage, the blockchain is used in the industry. 

Figure 1. Transaction lifecycle [5] 


3. RELATED WORK 

Over the previous years, several studies on cryptocurrencies have been conducted, specifically with 
regard to attacks. The most recent methodologies and studies in the cryptocurrency ecosystem are discussed as 
follows. Scicchitano et al. [2] proposed an anomaly detection system based on a deep learning 
encoder-decoder model. On day 1255, a few days after the current attack, the network identifies a significant anomaly. 
A detailed examination of the circumstances surrounding the 51% attack reveals that a significant number of 
organizations working on the ethereum classic network (ETC) discovered the attack and decided to put a halt to 
their operations. The proposed model also detected the decentralized autonomous organization (DAO) attack. 

Baek et al. [7] proposed a service-level and network-level model for assessing and identifying 
distributed denial of service (DDoS) attack of the bitcoin ecosystem. The researchers used principal 
component analysis (PCA) to perform feature extraction. They also applied multilayer perceptron (MLP). 
DDoS detection was achieved by dividing the training, validation, and testing sets into 6:2:2 ratios. They 
gathered statistical information including maximum, minimum, summation, and standard deviation. The 
accuracy of categorizing regular block data was approximately 70% and the accuracy of detecting DDoS 
attacks was approximately 50%, according to the findings. 

Meanwhile, Iqbal and Matulevičius [8] believed that no mechanisms are currently in place to 
completely mitigate the Sybil attack. However, a few preventive measures are in place to focus on this attack. The 
node’s computing power is monitored; thus, the computing power in the blockchain network is increased 
according to the available nodes in the network [9]. 

Furthermore, a study examined the use of bio-inspired computing in machine learning models to 
prevent insider threats and improve the model by automating the feature selection optimization process. They 
placed various swarm intelligence algorithms to the test, and the results show that they can improve the 
accuracy and speed of detecting malicious behavior in large data sets [10]. Lai et al. [11] presented a complete 
overview of the many attack scenarios that the bitcoin network could face, the methods used to carry out the 
attacks, and reviews of the solutions and countermeasures proposed to combat these attacks. Finally, they 
summarized other security issues and offered additional improvements to the bitcoin network’s security. 

We searched through papers detailing various forms of attacks on various cryptocurrencies and did not 
limit our investigation to a single cryptocurrency. We have classified the attacks into four categories, and each 
category has been divided into many different types with detailed explanations. Furthermore, we estimated how 
these attacks were conducted, and presented the detection techniques that produced highly accurate results. 


4. CYBER ATTACKS IN CRYPTOCURRENCIES 

The various types of attacks have been grouped into four main categories. The four main security 
concerns to cryptocurrencies are discussed in this section. These cyber-attacks were successful, resulting in 
substantial losses or the denial of cryptocurrency services. In all cases, the attacker must achieve sufficient utility 
to justify the essential cost of an attack. Figure 2 illustrates the taxonomy of attacks on the cryptocurrency. 

Figure 2. Taxonomy of attacks on cryptocurrency 


4.1. Hash-based attack 
This attack entails gathering hash values and attempting to find the same hash value for various 
additional messages sent. 

— 51% attack: this type of attack has an entirely negative effect on cryptocurrencies. A 51% attack occurs 
when a group of miners or an individual miner controls more than 50% of the network’s mining hash or 
devices [12]. This form of threat starts with a private chain of blocks that is completely distinct from the 
genuine chain. Then, the separated chain is presented to the network to be accepted as the genuine chain. 
By encouraging network nodes to follow their chain, attackers that achieve 51% or more hashing power 
can drive the longest chain. When the mining power is less than 40%, a 51% attack can still occur 
but with a lower probability, as with BTG [9]. 

— p+Epsilon attack: this type of attack takes advantage of the network participants’ prevailing technique. 
A blockchain based on PoW is typically vulnerable to this type of attack. When attackers grant 
participants a payout, a payment matrix is used to obtain an advantage, with the dominant strategy 
supporting the fulfillment of the attacker’s aim. As a result, the participants receive no remuneration, 
whereas the attacker obtains the full amount [13]. 

— Balance attack: it is a strategy that focuses on nodes with equally distributed mining power [14]. This 
form of attack can be used to double spend on a PoW consensus. An attacker can 
delay messages on the Ethereum network by using their limited hashing power. This attack may be 
carried out with 5% of the hashing power accessible [9]. The attacker must initially identify the 
merchant-involved subgroup before launching transactions to purchase products from them. The 
attacker should send transactions to this subgroup and mine blocks to the remaining group nodes [15]. 

— Goldfinger attack: a majority attack, where the attacker is motivated by anything other than the 
cryptocurrency economy. Purchase of mining equipment, demand for rental (Nice Hash), and other 
indicators of dominance over the complete network hash rate can be observed. The goal of this attack is 
to bring down the entire system [16]. 


4.2. Traffic-based attack 
This attack can be classified into two categories: 

— DDoS attack: multiple systems overwhelm the resources and bandwidth of the targeted system in a 
DDoS attack. The target node refuses the transaction because the system is overloaded [12]. Attackers 
utilize DDoS to prevent authentic transactions from being completed so that invalid transactions can be 
carried out. On the other hand, DDoS attacks can only significantly limit network activity. DDoS attacks 
are dangerous because they overload centralized systems with additional traffic. A DDoS attack is 
supposed to overwhelm centralized servers, although the bandwidth required to overwhelm them is 
nearly unachievable in most circumstances. According to research, DDoS attacks are becoming more prevalent, and 
each attack costs businesses more than $2 million. 

— Border gateway protocol (BGP) hijacking: BGP hijacking is a technique in which an internet service 
provider (ISP) sends out bogus routing system announcements to redirect traffic. A routing attack is 
another name for it. In effect, the ability to undertake a double-spending attack is a conceivable result of 
this attack. If the attacker wants to hijack all of the traffic for a valid prefix p, then the attacker either: i) announces p 
or ii) announces a more specific prefix of p. In the first case, the attacker receives 50% of the traffic 
because BGP routers prefer shorter paths. In the second case, the attacker attracts all traffic destined to 
the destination because internet routers use the longest-match entry to forward data [17]. 
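
The two announcement cases above can be monitored from the defender's side. The following added example (not from the survey or from any routing tool) classifies announcements against an inventory of prefixes and expected origin ASes, and shows with longest-prefix matching why a more specific announcement captures traffic outright. The inventory, the announcements, and the documentation-range prefixes and AS numbers are all constructed.

```python
import ipaddress

# Constructed inventory: prefixes we originate and the AS expected to announce them.
MONITORED = {
    ipaddress.ip_network("198.51.100.0/24"): 64500,
    ipaddress.ip_network("2001:db8::/32"): 64500,
}

# Constructed (prefix, origin AS) pairs, as if parsed from a route collector feed.
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64500),    # legitimate origin
    ("198.51.100.0/24", 64511),    # case i: same prefix, unexpected origin
    ("198.51.100.128/25", 64511),  # case ii: more specific, unexpected origin
    ("2001:db8:1::/48", 64500),    # more specific from the expected origin
    ("203.0.113.0/24", 64502),     # unrelated prefix
]


def classify(prefix, origin_as, monitored=MONITORED):
    """Label one announcement relative to the monitored prefixes."""
    net = ipaddress.ip_network(prefix)
    for mon, expected in monitored.items():
        if net.version != mon.version:
            continue  # subnet_of() raises TypeError across IP versions
        if net == mon or net.subnet_of(mon):
            if origin_as == expected:
                return "ok"
            return "origin-mismatch" if net == mon else "more-specific-hijack"
    return "unmonitored"


def alerts(announcements, monitored=MONITORED):
    """Announcements that should page an operator, with their label."""
    flagged = []
    for prefix, origin in announcements:
        label = classify(prefix, origin, monitored)
        if label not in ("ok", "unmonitored"):
            flagged.append((prefix, origin, label))
    return flagged


def forwarding_origins(dest, announcements):
    """Origin ASes of the longest matching prefix for dest.

    One origin means forwarding is decided by prefix length alone; several
    origins mean the same prefix is contested and BGP path selection decides.
    """
    addr = ipaddress.ip_address(dest)
    best_len, origins = -1, set()
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, origins = net.prefixlen, {origin}
        elif net.prefixlen == best_len:
            origins.add(origin)
    return origins


if __name__ == "__main__":
    for row in alerts(SAMPLE_ANNOUNCEMENTS):
        print("ALERT", row)
    print(forwarding_origins("198.51.100.10", SAMPLE_ANNOUNCEMENTS))   # contested
    print(forwarding_origins("198.51.100.200", SAMPLE_ANNOUNCEMENTS))  # captured
```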


4.3. Reliability-based attack 
This attack can be classified into three categories: 

— Eclipse attack: the eclipse attack allows an attacker to control all the target’s incoming and outgoing 
connections, effectively isolating the victim from the rest of the network’s peers [18]. On Bitcoin’s 
peer-to-peer network, the two types of eclipse attacks are botnet attack and infrastructure attack. Bots 
with distinct IP address ranges initiate the botnet attack. The infrastructure attack simulates the threat 
posed by a company, an ISP, or a nation-state with a large number of contiguous IP addresses [19]. 

— Wallet attack: a wallet can be controlled by a software application, a hardware device, or an internet 
service that holds the private and public keys linked with the user’s addresses. To transact with a 
cryptocurrency, users must have control over their cryptocurrency wallets. An attack on a wallet service 
provider, its users, or wallet software can have a significant impact, culminating in large coin theft and a 
loss of trust in the entire system. Coinbase is an online cryptocurrency exchange and wallet that, 
different from single-coin wallets, allows users to possess and trade multiple cryptocurrencies from the 
same account [16]. Moreover, individual wallet user attacks can be carried out using various harmful 
techniques to steal user credentials and obtain access to their funds [20]. 

— Sybil attack: the Sybil attack is considered a type of reliability threat. It is a system node that manages 
several identities. Peer-to-peer networks rely on the concept of identity, in which each machine 
represents a single identity [21]. Douceur [22], a Microsoft researcher, was the first to bring the attack 
method to the world’s attention. The attackers can establish many bogus nodes that look real to their 
peers. These bogus nodes contribute to network corruption by validating unlawful transactions and 
modifying valid transactions [9]. Even though the bitcoin blockchain network has a large number of 
nodes, which makes the attack very expensive, the possibility of double spending increases when an 
opponent has a great number of network nodes. 


4.4. Payment-based attack 
A number of attacks that use cryptocurrencies as a payment method include the following: 

— High yield investment program (HYIP): HYIP is considered a fraudulent activity. Thus, obtaining 
bitcoin addresses linked to fraud to detect such illegal acts is crucial. Thus far, such actions have been 
identified by correlating bitcoin addresses with graph mining techniques [23]. According to certain 
studies, HYIPs account for 0.03 to 0.15% of smart contracts [24]. Other sources believed that HYIP 
using Ethereum is worth approximately half a million dollars [25]. 

— Ransomware attack: ransomware is evolving and improving harmful software that takes the shape of 
Crypto or Locker and is designed to attack and take control of critical infrastructure and computer 
systems [26]. Some examples include CryptoWall, Cryptolocker, Manamecrypt, and 
CryptoDefense [27]. A considerable increase is found in crypto-ransomware attacks, which encrypt 
individual files on a host or network-attached storage and demand a ransom in cryptocurrency [28]. 

— Cryptojacking attack: in cryptojacking, an attacker executes crypto mining software on the devices of 
unknowing users. The two most common attacks in malware code are: web browser-based crypto mining and 
installable binary crypto mining. Hoya, Japan’s largest optical goods producer, shut down its production 
lines for three days as hackers attempted to set up an illegal cryptocurrency mining operation. A number 
of illegal mining operations have already been found. “Bitcoin mining plot” has led to the arrest of 
Russian nuclear specialists [29]. 

— Pump & dump attack (P&D): P&D fraud is considered a market manipulation scheme that involves 
artificially increasing the price of a private security and then selling it to other investors at a much 
higher price [30]. At present, hundreds of cryptocurrencies exist, the market is unregulated, and prices 
are easily influenced. Therefore, pump and dumps are extremely typical in these securities. P&Ds are 
currently led by a significant number of personality internet groups, and the movement has gone viral, 
although it is still relatively unknown [31]. 


5. METHODOLOGIES FOR DETECTING CRYPTOCURRENCY ATTACKS 

Cryptocurrency attacks can be detected using various approaches according to the type of attack, its 
severity, and its impact on the labor market. Table 1 [2], [23], [25], [29], [32]-[45] (in Appendix) highlights 
most types of attacks against some digital currencies, the detection methods used, the methods applied to 
evaluate the performance of each model, and the results obtained. This table shows the most common and 
influential attacks on the cryptocurrency ecosystem. 

These techniques can be employed to create a more secure level for cryptocurrency networks with 
the possibility to detect and prove the specific types of malicious transactions. Importantly, the most common 
methods used for detecting attacks are machine learning and deep learning. Arguably, in artificial 
intelligence, machine learning is used to find the best solutions to complicated issues in information science. 


6. DISCUSSION 

In the world of cryptocurrency exchanges and stock trading that provide the speed of 
implementation to customers and users, any system can suffer from dangerous vulnerabilities related to 
concerns about security and privacy; thus, using blockchain technology is a robust option to secure services 
and platforms. However, most digital currencies are exposed to many security threats that cause denial of 
service or illegal use, such as money laundering. Therefore, these attacks and methods to detect them should 
be studied. This research presented many types of attacks and the various approaches to detect them. 

The four primary attack types were identified, including hash-based, traffic-based, reliability-based, 
and payment-based attacks; each type comprises many attacks. Therefore, by knowing these types and their 
impact on digital currencies, we can select the smartest and fastest methods to detect them. One of the 
greatest challenges the researchers face is the DDoS attack; the methods used to detect it did not achieve high 
accuracy. Thus, the attack leaves the website inaccessible to the desired users. In practice, the results reached 
by most researchers show that the most dangerous attack is represented by 51% attack and the DDoS attack. 
Thus far, several events of 51% attacks have been registered on cryptocurrencies because making a 
considerable amount of money using this method of assault is possible. 

In general, all types of legal and illegal digital currencies fall under the umbrella of cryptocurrency. 
Cryptocurrencies represent danger to the economy, particularly those in the industrialized world, for various 
reasons. The most important of which is the rise in economic importance of cryptocurrencies to the point 
where they have become the primary mechanism for settling payments, particularly international exchanges, 
and the fear of capital flight from them, as well as the possibility of heavy losses. However, in light of the 
fact that these currencies are not backed by physical assets, they pose a risk. 

Although the use of cryptocurrencies in terrorist financing has not grown significantly, anonymity 
makes them a financial means for people and organizations, as well as criminal and terrorist gangs, who 
receive payments that may expose them to terrorist financing sanctions. As a result, highlighting the most 
effective methods for detecting, reducing, and preventing cryptocurrency-related threats is critical. Therefore, 
our research included a diverse variety of attacks and detection methods. On these grounds, the requirement 
for cryptocurrency security methods may stimulate the development of better encryption solutions. Despite 
the current obstacles, the trends indicate a promising future for these currencies. 


7. CONCLUSION 

At present, many cryptocurrencies are vulnerable to cyber-attacks, where platforms of this 
cryptocurrency face security issues similar to other online businesses. In this study, we provided a thorough 
survey of the most important cyber-attacks on a cryptocurrency network. As a preliminary study, this 
research focuses on a summary of key cryptocurrency assaults and the strategies recommended to counter 
them. Machine learning represents a promising approach to solving complex cybersecurity problems. 
Therefore, most researchers have used machine learning in their experiments to detect many attacks affecting 
the cryptocurrency network. Many researchers have presented various approaches that focus on detection, 
prevention, and traceback to prevent various attacks. Nonetheless, in detection systems, failure to recognize 
the limitations of real-time problems, complexity, data integration, and the absence of a regulatory central 
scope with the traditional cryptocurrencies are key challenges. Ultimately, we aim to expand our survey to 
include more sorts of cryptocurrency attacks in the future, as well as more detection methods of these attacks, 
with the aim of proposing new suitable detection mechanisms. 


APPENDIX 
Table 1. Methods for detection of cryptocurrency attacks 

| No | Ref. | Year | Attack type | Cryptocurrency | Detection method | Result and performance measurements |
|----|------|------|-------------|----------------|------------------|-------------------------------------|
| 1 | [2] | 2020 | 51% attack and DAO attack | ETC | RNNs as a neural encoder-decoder model | Recurrent autoencoder (RAE) model that effectively detects the publicly reported attack |
| 2 | [32] | 2015 | 51% attack | Bitcoin | Continuous-time Markov chains (CTMCs) | Results obtained are applicable for each state of the Bitcoin network |
| 3 | [7] | 2019 | DDoS attack | Bitcoin | MLP | DDoS attacks were detected with a 50% accuracy, whereas regular block data were identified with a 70% accuracy |
| 4 | [33] | 2014 | DDoS attack | Bitcoin | Word-based classifier | Using a confusion matrix, the accuracy of DDoS attack detection was approximately 75% |
| 5 | [34] | 2019 | Ransomware | Bitcoin | Bayesian belief network (BBN) | The accuracy of ransomware attack detection was approximately 97.5% |
| 6 | [35] | 2019 | P&D | Bitcoin | Random forest | Using LASSO regularized GLM and balanced random forests, the likelihood of a currency being pumped with an area under the curve (AUC) of over 90% was predicted |
| 7 | [36] | 2019 | P&D | The model was applied to the full-time series of 172 coins | Extreme gradient boosting | Result: 99.5% AUC, 99.7% specificity, and 85.5% sensitivity, using the AUC |
| 8 | [37] | 2019 | Eclipse attack | Ethereum | Random forest | The precision rate is approximately 72%, and the recall rate is approximately 93% |
| 9 | [38] | 2020 | Eclipse attack | Bitcoin | Python-flask web framework and flask’s default webserver | The gossip-based protocol provides multiple benefits while introducing a significantly improved detection time and low overheads, using Amazon AWS |
| 10 | [39] | 2019 | Cryptojacking attack | JSECoin and Monero | SVM classification model | 97% TPR and 1.1% FPR |
| 11 | [40] | 2022 | Ransomware | Bitcoin | Rule-based algorithms | Accuracy of approximately 96.01%, recall of approximately 96%, precision of approximately 95.9%, and an F-measure of 95.6%, when metrics, accuracy, precision, sensitivity, and F-measure are employed |
| 12 | [41] | 2019 | Cryptojacking attack | Ethereum, Monero, and Zcash | Shared nearest neighbour (SNN) clustering algorithm | Using KNN classifier, 99.7% TPR, 46.1% FPR, 99.9% precision, and 99.7% recall |
| 13 | [42] | 2019 | Cryptojacking attack | Monero | Capsule network (CapsNet) technology | 87% of the instances were detected immediately, and 99% of the instances were detected during a window of 11 seconds |
| 14 | [29] | 2021 | Cryptojacking attack | Bitcoin, Monero, and Bytecoin | Random forest | Using the mean square error (MSE) 94.1% TPR, 59% FPR, 99% of AUC for the ROC and 96% of F1-score |
| 15 | [43] | 2019 | HYIP threat | Bitcoin | Random forest | Accuracy of approximately 95% TPR and 4.9 FPR |
| 16 | [44] | 2018 | HYIP threat | Bitcoin | Random forest | Accuracy of approximately 97.9%, 96.8% TPR, 96.9% recall, and 97.9% specificity |
| 17 | [23] | 2017 | HYIP threat | Bitcoin | Random forest | Accuracy of approximately 83% TPR and 4.4% FPR |
| 18 | [25] | 2018 | HYIP threat | Ethereum | Extreme gradient boosting (XGBoost) | 94% precision, 81% recall, and 86% F-score |
| 19 | [45] | 2019 | HYIP threat | Ethereum | Random forest | Accuracy of approximately 95% precision and 69% recall |